Automating WIM Image Creation

One of the biggest problems with the use of “fat” Windows Images is accidental contamination of a production Image. A seemingly minor update can have unexpected consequences when background processes also make unnoticed changes. The only way of being certain of how a WIM Image has been created is to fully automate the process with Task Sequences so accidents can’t happen & an audit trail is left behind.

Both SCCM and Microsoft’s Deployment Toolkit can produce WIM Images but only MDT created Images can be used seamlessly with MDT AND SCCM deployment mechanisms. SCCM’s Build and Capture Task Sequence is great when SCCM will be delivering Windows to every machine in an organisation but there will often be other considerations for test and development environments that don’t have SCCM access.

I’ve come to accept that building and capturing Windows images outside from SCCM infrastructure provides a cleaner and more flexible solution than utilising the SCCM build and Capture task sequence.

Surprisingly, the out-of-the-box templates provided with the Deployment Toolkit don’t have a full task sequence for building and capturing and image without manual intervention. It’s not difficult to create one by merging the task sequences that are provided. It’s even easier if you use the template provided here.

Creating the Task Sequence

I am assuming that you already have Microsoft’s Deployment Toolkit installed with a new Deployment share. If not, you can get a copy from Microsoft here. You will also need an imported copy of your raw, Microsoft issued, Operating System. Importing the raw Operating System takes no more than finding the Install.wim file (within the sources folder of your Microsoft issued DVD) and then using the “Import Operating System” option from right-clicking on the “Operating Systems” folder within the MDT Deployment Workbench.

Download the RemoteBuild.xml MDT template to the local Templates directory within your deployment share and place a second copy within the “C:\Program Files\Microsoft Deployment Toolkit\Templates” directory. This will now allow the template to be used in creating Task Sequences.

From within the Deployment Workbench, the New Task Sequence Wizard may be invoked by using a “right click” on the Task Sequences section.

The New Task Sequence Wizard will now show the new “Remote Build and Capture” template that can be used for building an automated WIM

The task sequence will still require custom applications, patches and utilities to be added – depending on organisational requirements.

Creating the Boot Media

The properties of the deployment share (right click) allow bootable media options for accessing the created MDT share. The Windows PE tab specifies the architecture boot image that should be created. The architecture (34 bit or 64 bit) should match the expected architecture of the created Windows Image. Increasingly, this will be 64 bit.

After setting the MDT option to generate an ISO Image, the deployment share properties may be closed by clicking OK. The right-click options may again be used with the deployment share to actually create the bootable ISO media by selecting “Update Deployment Share”.

Once the process has completed, bootable ISO files may be found in the “Boot” folder of the Deployment Share. Chances are that you will need the Lite Touch 64 bit ISO Image to look at creating your organisation’s WIM.

Using a Virtual Machine

At this stage, you would have a core task sequence for building an Image and then uplifting the completed WIM back to your deployment share. You will also have a bootable ISO image for connecting back to the MDT Deployment share. You’ll also need a bootable machine that can be used to create the Image on. Virtual machines are idea for the Image capturing process with VMWare Workstation, Hyper-V or Oracle’s Virtual box all good options for providing a generic build platform. Depending on the virtual platform you choose, you may be forced to add additional drivers to support the particular virtual network cards into your MDT Share.

The screen captures below are from booting my virtual workstation from the Lite Touch ISO image created a few steps ago.

The first requirement is to use network credentials that can get back to your original deployment share.

The imported Build and Capture Task Sequence will be visible and selectable from the list – in this case, it’s the only Task Sequence enabled.

Make sure that you don’t join to a domain during the build of a reference machine.

The final option will allow you to set the name and location of the captured WIM Image.

After starting the build, the rest of the process will run to completion without intervention. It provides a method for ensuring that a consistency of what’s included within a WIM Image exists and it helps to enforce the modular idea that all changes within a WIM should occur via transparent packages. As there is no human intervention after the Task Sequence has begun, you can have complete confidence that only the applictions you have imported have been included within the WIM Image.